Network Security News Summary for Monday December 16th, 2024
Struts 2 Exploited; Citrix Password Spraying; 6 Day Certs; Certified Pre-Pw0n3d
- Exploit Attempts Inspired by Recent Struts 2 File Upload Vulnerability: https://isc.sans.edu/diary/Exploit%20attempts%20inspired%20by%20recent%20Struts2%20File%20Upload%20Vulnerability%20%28CVE-2024-53677%2C%20CVE-2023-50164%29/31520
- Citrix Netscaler Password Spraying Mitigation: https://www.citrix.com/blogs/2024/12/13/password-spraying-attacks-netscaler-december-2024/
- Let's Encrypt Six Day Certificates: https://letsencrypt.org/2024/12/11/eoy-letter-2024/
- Devices in Germany Arrived Pre-Pw0n3d: https://cybersecuritynews.com/30000-devices-in-germany-discovered-with-pre-installed-malware-badbox/
keywords: germany; badbox; lets encrypt; citrix
SANS Internet Storm Center's Daily Network Security News Podcast
All episodes
SANS Stormcast Feb 14th 2025: DShield Honeypot SIEM; PAN OS Auth Bypass; Salt Typhoon vs. Cisco; Crowdstrike Patch (6:03)
- DShield SIEM Docker Updates: Interested in learning more about the attacks hitting your honeypot? Guy assembled a neat SIEM to create dashboards summarizing the attacks. https://isc.sans.edu/diary/DShield%20SIEM%20Docker%20Updates/31680
- PANOS Path Confusion Auth Bypass: Palo Alto Networks fixed a path confusion vulnerability introduced by the overly complex middlebox chain in PANOS. https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os/ https://www.theregister.com/2025/02/13/palo_alto_firewall/
- China's Volt Typhoon Continues to Use Cisco Vulns: Recorded Future wrote up some recent attacks by the Red Mike / Volt Typhoon groups going after telecom providers by compromising Cisco systems via an older vulnerability. https://www.wired.com/story/chinas-salt-typhoon-spies-are-still-hacking-telecoms-now-by-exploiting-cisco-routers/
- Crowdstrike Patches Linux Client: https://www.crowdstrike.com/security-advisories/cve-2025-1146/
keywords: crowdstrike; falcon; china; volt typhoon; redmike; cisco; panos; nginx; apache; php; dshield; siem
SANS Stormcast Feb 13th 2025: Smart City Threats; Advanced Social Engineering Attacks; Wazuh Vulnerability; PAM Vulnerability; Ivanti Patches (5:59)
- An Ontology for Threats: Cybercrime and Digital Forensic Investigation on Smart City Infrastructure: Smart cities are a big topic for many local governments. As these complex systems are built, attacks will follow. https://isc.sans.edu/diary/An%20ontology%20for%20threats%2C%20cybercrime%20and%20digital%20forensic%20investigation%20on%20Smart%20City%20Infrastructure/31676
- North Korean State Actor Tricking Admins into Executing PowerShell: North Korean state actors are spending quite a bit of effort setting up relationships with South Korean system administrators, culminating in those administrators being tricked into executing malicious PowerShell scripts. https://x.com/MsftSecIntel/status/1889407814604296490
- Wazuh Vulnerability: A deserialization vulnerability in Wazuh may lead to unauthenticated remote code execution. https://github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh
- PAM PKCS11 Vulnerability: Several vulnerabilities in the Linux PAM module that processes smart card authentication can be used to bypass authentication. https://github.com/OpenSC/pam_pkcs11/releases/tag/pam_pkcs11-0.6.13
- Ivanti Patches: Ivanti released its monthly update, fixing a number of critical vulnerabilities in Connect Secure and other products. https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US
keywords: ivanti; pam; pkcs11; linux; wazuh; korea; powershell; ontology; smart city
SANS Stormcast Feb 12th 2025: MSFT Patch Tuesday; Adobe Patches; FortiNet Acknowledges Exploitation of FortiOS (5:54)
- Microsoft Patch Tuesday: Microsoft released patches for 55 vulnerabilities. Three of them are categorized as critical, two are already exploited and another two have been publicly disclosed. The LDAP server vulnerability could become a huge deal, but it is not clear if an exploit will appear. https://isc.sans.edu/diary/Microsoft%20February%202025%20Patch%20Tuesday/31674
- Adobe Patches: Adobe released patches for seven products. Watch out in particular for the Adobe Commerce issues. https://helpx.adobe.com/security/security-bulletin.html
- Fortinet Acknowledges Exploitation of Vulnerability: https://fortiguard.fortinet.com/psirt/FG-IR-24-535
keywords: fortinet; adobe; microsoft
SANS Stormcast Feb 11th 2025: 7zip and MoW; Apple 0-Day Fix; AMD Microcode Overwrite; Trimble CityWorks 0-Day; MageCart Update (7:16)
- Reminder: 7-Zip MoW: The MoW (Mark of the Web) must be added to any files extracted from ZIP or other compound file formats. 7-Zip does not do so by default unless you alter the default configuration. https://isc.sans.edu/diary/Reminder%3A%207-Zip%20%26%20MoW/31668
- Apple Fixes 0-Day: Apple released updates to iOS and iPadOS fixing a bypass for USB Restricted Mode. The vulnerability is already being exploited. https://support.apple.com/en-us/122174
- AMD ZEN CPU Microcode Update: An attacker is able to replace microcode on some AMD CPUs. This may alter how the CPUs function, and Google released a PoC showing how it can be used to manipulate the random number generator. https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w
- Trimble Cityworks Exploited: CISA added a recent Trimble Cityworks vulnerability to its list of exploited vulnerabilities. https://learn.assetlifecycle.trimble.com/i/1532182-cityworks-customer-communication-2025-02-06-docx/0?
- Google Tag Manager Skimmer Steals Credit Card Info: Sucuri released a blog post with updates on the MageCart campaign. The latest version injects malicious code as part of the Google Tag Manager / Analytics code. https://blog.sucuri.net/2025/02/google-tag-manager-skimmer-steals-credit-card-info-from-magento-site.html
keywords: google; sucuri; amd; trimble; cityworks; tag manager
SANS Internet Stormcast Feb 10th 2025: Podcast Anniversary; SSL 2.0; Exposed Deepseek Installs; Crypto Scam costs (6:52)
- SSL 2.0 Turns 30 This Sunday: SSL was created in February 1995. However, back in 2005, only a year later, SSL 3.0 was released, and as of 2011, SSL 2.0 was deprecated and support was removed from many crypto libraries. However, over 400k hosts are still exposed via SSL 2.0. https://isc.sans.edu/diary/SSL%202.0%20turns%2030%20this%20Sunday...%20Perhaps%20the%20time%20has%20come%20to%20let%20it%20die%3F/31664
- Deepseek News: Many articles cover various security shortcomings in the Chinese Deepseek AI model. Remember that some of these issues are not unique to Deepseek. https://www.upguard.com/blog/deepseek-adoption https://www.reversinglabs.com/blog/rl-identifies-malware-ml-model-hosted-on-hugging-face https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak https://www.nowsecure.com/blog/2025/02/06/nowsecure-uncovers-multiple-security-and-privacy-flaws-in-deepseek-ios-mobile-app/
- Crypto Wallet Scam Not For Free: Didier looked closer at the recent dual signature crypto scams. These wallets are not free; attackers must spend money to set them up. https://isc.sans.edu/diary/Crypto+Wallet+Scam+Not+For+Free/31666
keywords: crypto; deepseek; ssl; anniversary
SANS Internet Stormcast Feb 7th 2025: Unbreakable Anti-Debugging (6:23)
- The Unbreakable Multi-Layer Anti-Debugging System: Xavier found a nice Python script that included what it calls the "Unbreakable Multi-Layer Anti-Debugging System". Leave it up to Xavier to tear it apart for you. https://isc.sans.edu/diary/The%20Unbreakable%20Multi-Layer%20Anti-Debugging%20System/31658
- Take my money: OCR crypto stealers in Google Play and App Store: Malware using OCR on screenshots was available not just via Google Play, but also the Apple App Store. https://securelist.com/sparkcat-stealer-in-app-store-and-google-play-2/115385/
- Threat Actors Still Leveraging Legit RMM Tool ScreenConnect: Unsurprisingly, threat actors still like to use legitimate remote admin tools, like ScreenConnect, as a command and control channel. Silent Push outlines the latest trends and IoCs they found. https://www.silentpush.com/blog/screenconnect/
- Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities: Java deserialization strikes again to allow arbitrary code execution. Cisco fixed this vulnerability and an authorization bypass issue in its Identity Services Engine. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF
- F5 Update: F5 fixes an interesting authentication bypass problem affecting TLS client certificates. https://my.f5.com/manage/s/article/K000149173
keywords: f5; java; cisco; ise; ios; android; screenshots; screenconnect; python; anti-debugging
SANS Internet Stormcast Feb 6th 2025: com- prefix domain phishing; Win 10 ESU pricing; Firewall CT Policy; Veeam and Netgear patches (7:03)
- Phishing via com- prefix domains: Every day, attackers are registering a few hundred domain names starting with com-. These are used in phishing e-mails, for example "toll fee scams", to create more convincing phishing links. https://isc.sans.edu/diary/Phishing%20via%20%22com-%22%20prefix%20domains/31654
- Microsoft Windows 10 Extended Security Updates: Microsoft released pricing and additional details for the Windows 10 extended security updates. For the first year after official free updates stop, security updates will be available for $61. https://learn.microsoft.com/en-us/windows/whats-new/extended-security-updates
- Mozilla Enforcing Certificate Transparency: Mozilla is following the lead of other browsers and will require certificates to include a signed certificate timestamp as proof of compliance with certificate transparency requirements. https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/OagRKpVirsA/m/Q4c89XG-EAAJ https://wiki.mozilla.org/SecurityEngineering/Certificate_Transparency#Enterprise_Policies
- Veeam Update: Veeam's internal backup process may be used to execute arbitrary code by an attacker in a machine-in-the-middle position. https://www.veeam.com/kb4712
- Netgear Unauthenticated RCE: https://kb.netgear.com/000066558/Security-Advisory-for-Unauthenticated-RCE-on-Some-WiFi-Routers-PSV-2023-0039
keywords: netgear; veeam; firefox; certificate transparency; ct; microsoft; windows 10; ESU; updates; phishing; sunpass
SANS ISC Stormcast Feb 5th 2025: Feed Updates and Rosti; Resurrecting Dead S3 Buckets; Let's Encrypt Changes; Edge Device Security (7:22)
- Some Updates to Our Data Feeds: We made some updates to the documentation for our data feeds, and added the neat Rosti Feed to our list as well as to our ipinfo page. https://isc.sans.edu/diary/Some%20updates%20to%20our%20data%20feeds/31650
- 8 Million Requests Later, We Made the SolarWinds Supply Chain Attack Look Amateur: While the title is a bit of watchTowr hyperbole, the problem of resurrecting dead S3 buckets back to life is real and needs to be addressed. Boring solutions will help you avoid becoming an exciting headline. https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/
- Let's Encrypt Ending Expiration Emails: Let's Encrypt will no longer send emails for expiring certificates. They suggest other free services to send these emails for you. https://letsencrypt.org/2025/01/22/ending-expiration-emails/
- Guidance and Strategies to Protect Network Edge Devices: CISA and other agencies created a guidance document outlining how to protect edge devices like firewalls, VPN concentrators and other similar devices. https://www.cisa.gov/resources-tools/resources/guidance-and-strategies-protect-network-edge-devices
keywords: cisa; edge; devices; guidance; letsencrypt; email; s3; bucket; feeds; documentation; data
SANS ISC Stormcast Feb 4th 2025: Crypto Scam; Mediatek and D-Link Patches; Microsoft ends VPN Service (6:13)
- Crypto Wallet Scam: YouTube spam messages leak private keys to crypto wallets. However, these keys cannot be used to withdraw funds. Victims are scammed into depositing "gas fees" which are then collected by the scammer. https://isc.sans.edu/diary/Crypto%20Wallet%20Scam/31646
- Mediatek Patches: Mediatek patched numerous vulnerabilities in its WLAN products. Some allow for unauthenticated arbitrary code execution. https://corp.mediatek.com/product-security-bulletin/February-2025
- D-Link Vulnerability: D-Link disclosed a vulnerability in older routers that, as of May, no longer receive any updates. Your only option is to upgrade the hardware. https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10415
- Microsoft Discontinues VPN Service: Microsoft is shutting down the VPN service that was included as part of Microsoft Defender. https://support.microsoft.com/en-au/topic/end-of-support-privacy-protection-vpn-in-microsoft-defender-for-individuals-8b503da5-732a-4472-833a-e2ddca53036a
keywords: microsoft; dlink; mediatek; okx; crypto; scam
SANS ISC Stormcast Feb 3rd 2025: Automating Cyber Ranges; Deepseek Scams; PyPI Archived State; Medical Backdoors (6:24)
- To Simulate or Replicate: Crafting Cyber Ranges: Automating the creation of cyber ranges. This will be a multi-part series, and this part covers creating the DNS configuration in Windows. https://isc.sans.edu/diary/To%20Simulate%20or%20Replicate%3A%20Crafting%20Cyber%20Ranges/31642
- Scammers Exploiting Deepseek Hype: Scammers are using the hype around Deepseek, and some of the confusion caused by its site not being reachable, to scam users into installing malware. I am also including a link to a "jailbreak" of Deepseek (this part was not covered in the podcast). https://www.welivesecurity.com/en/cybersecurity/scammers-exploiting-deepseek-hype/ https://lab.wallarm.com/jailbreaking-generative-ai/
- PyPI Archived Status: PyPI introduced a new feature to mark repositories as archived. This implies that the author is no longer maintaining the particular package. https://blog.pypi.org/posts/2025-01-30-archival/
- ICS Medical Advisory: Contec Patient Monitor Backdoor: An interesting backdoor was found in a Contec patient monitor. https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01
keywords: contec; medical; backdoor; pypi; deepseek; dns; cyber range
SANS ISC Stormcast Jan 31st 2025: Old Netgear Vuln in Depth; Lightning AI RCE; Canon Printer RCE; Deepseek Leak (5:40)
- PCAPs or It Didn't Happen: Exposing an Old Netgear Vulnerability Still Active in 2025 [Guest Diary]: https://isc.sans.edu/diary/PCAPs%20or%20It%20Didn%27t%20Happen%3A%20Exposing%20an%20Old%20Netgear%20Vulnerability%20Still%20Active%20in%202025%20%5BGuest%20Diary%5D/31638
- RCE Vulnerability in AI Development Platform Lightning AI: Noma Security discovered a neat remote code execution vulnerability in Lightning AI. This vulnerability is exploitable by tricking a logged-in user into clicking a simple link. https://noma.security/noma-research-discovers-rce-vulnerability-in-ai-development-platform-lightning-ai/
- Canon Laser Printers and Small Office Multifunctional Printer Vulnerabilities: Canon fixed three different vulnerabilities affecting various laser and small office multifunctional printers. These vulnerabilities may lead to remote code execution, and there are some interesting exploit opportunities. https://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers
- Deepseek ClickHouse Database Leak: https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak
keywords: deepseek; clickhouse; canon; ai; lightning; netgear
SANS ISC Stormcast, Jan 30th 2025: Python vs. Powershell; Fortinet Exploits and Patch Policy; Voyager PHP Framework Vuln; Zyxel Targeted; VMware AVI Patch (5:33)
- From PowerShell to a Python Obfuscation Race!: This information stealer not only emulates a PDF document convincingly, but also includes its own Python environment for Windows. https://isc.sans.edu/diary/From%20PowerShell%20to%20a%20Python%20Obfuscation%20Race!/31634
- Alleged Active Exploit Sale of CVE-2024-55591 on Fortinet Devices: An exploit for this week's Fortinet vulnerability is for sale on Russian forums. Fortinet also requires patching of devices without a cloud license within seven days of patch release. https://x.com/MonThreat/status/1884577840185643345 https://community.fortinet.com/t5/Support-Forum/Firmware-upgrade-policy/td-p/373376
- The Tainted Voyage: Uncovering Voyager's Vulnerabilities: SonarSource identified vulnerabilities in the popular PHP package Voyager. One of them allows arbitrary file uploads. https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities/
- Hackers exploit critical unpatched flaw in Zyxel CPE devices: A currently unpatched vulnerability in Zyxel devices is actively exploited. https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-unpatched-flaw-in-zyxel-cpe-devices/
- VMSA-2025-0002: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217): VMware released a patch for the Avi Load Balancer addressing an unauthenticated blind SQL injection vulnerability. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346
keywords: vmware; avi load balancer; sql injection; voyager; laravel; php; zyxel; fortinet; python; powershell; garmin
SANS ISC Stormcast, Jan 29th 2025: Python Crypto Stealer; SimpleHelp Exploited; Apple Silicon Vuln; Teamviewer Vuln; Odd QR Code (6:08)
Learn about fileless crypto stealers written in Python, the ongoing exploitation of recent SimpleHelp vulnerabilities, new Apple Silicon side-channel attacks, a TeamViewer vulnerability and an odd QR code.
- Fileless Python InfoStealer Targeting Exodus: This Python script targets the Exodus crypto wallet and password managers to steal cryptocurrencies. It does not save exfiltrated data in files, but keeps it in memory for exfiltration. https://isc.sans.edu/diary/Fileless%20Python%20InfoStealer%20Targeting%20Exodus/31630
- Campaign Exploiting SimpleHelp Vulnerability: Arctic Wolf observed attacks exploiting SimpleHelp for initial access to networks. It has not been verified, but it is assumed that vulnerabilities made public about a week ago are being exploited. https://arcticwolf.com/resources/blog-uk/arctic-wolf-observes-campaign-exploiting-simplehelp-rmm-software-initial-access/
- Two New Side Channel Vulnerabilities in Apple Silicon: SLAP (Data Speculation Attacks via Load Address Prediction) exploits the Load Address Predictor in Apple CPUs starting with the M2/A15, allowing unauthorized access to sensitive data by mispredicting memory addresses. FLOP (Breaking the Apple M3 CPU via False Load Output Predictions) targets the Load Value Predictor in Apple's M3/A17 CPUs, enabling attackers to execute arbitrary computations on incorrect data, potentially leaking sensitive information. https://predictors.fail/
- Teamviewer Security Bulletin: TeamViewer patched a privilege escalation vulnerability, CVE-2025-0065. https://www.teamviewer.com/en-us/resources/trust-center/security-bulletins/tv-2025-1001/
- Odd QR Code: A QR code may resolve to a different URL if viewed at an angle. https://mstdn.social/@isziaui/113874436953157913
- Limited Discount for SANS Baltimore: https://sans.org/u/1zQd
keywords: qr code; teamviewer; apple silicon; sidechannel; python; exodus
SANS ISC Stormcast, Jan 28th 2025: Z-Shy Phishing; Apple Patches 0-Day; Fortinet Exploit Details; Github and Apache Solr Patches (6:14)
This episode shows how attackers are bypassing phishing filters by abusing the "shy" soft hyphen HTML entity. We got an update from Apple fixing a 0-day vulnerability in addition to a number of other issues. watchTowr shows how to exploit an interesting FortiOS vulnerability, and we have patches for GitHub Desktop and Apache Solr.
- An unusual "shy z-wasp" phish: How the soft hyphen "shy" HTML entity can be abused to bypass e-mail filters. https://isc.sans.edu/diary/An%20unusual%20%22shy%20z-wasp%22%20phishing/31626
- Apple Patches: Apple released patches for all of its operating systems, fixing a 0-day vulnerability among many other issues. https://support.apple.com/en-us/100100
- Get Fortirekt, I am the Super_admin now: Details about a recent FortiOS vulnerability. https://labs.watchtowr.com/get-fortirekt-i-am-the-super_admin-now-fortios-authentication-bypass-cve-2024-55591/
- GitHub Desktop Vulnerability: https://thehackernews.com/2025/01/github-desktop-vulnerability-risks.html
- Apache Solr Vulnerability: https://solr.apache.org/security.html#cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access
keywords: solr; github; desktop; fortinet; fortios; apple; shy; html; z-wasp
SANS ISC Stormcast, Jan 27, 2025: Access Brokers; Llama Stack Vuln; ESXi SSH Tunnels; Zyxel Boot Loops; Subaru StarLeak (6:29)
- Guest Diary: How Access Brokers Maintain Persistence: Explore how cybercriminals utilize access brokers to persist within networks and the impact this has on organizational security. https://isc.sans.edu/forums/diary/Guest+Diary+How+Access+Brokers+Maintain+Persistence/31600/
- Critical Vulnerability in Meta's Llama Stack (CVE-2024-50050): A deep dive into CVE-2024-50050, a critical vulnerability affecting Meta's Llama Stack, with exploitation details and mitigation strategies. https://www.oligo.security/blog/cve-2024-50050-critical-vulnerability-in-meta-llama-llama-stack
- ESXi Ransomware and SSH Tunneling Defense Strategies: Learn how to fortify your infrastructure against ransomware targeting ESXi environments, focusing on SSH tunneling and proactive measures. https://www.sygnia.co/blog/esxi-ransomware-ssh-tunneling-defense-strategies/
- Zyxel USG FLEX/ATP Series Application Signature Recovery Steps: Addressing issues with Zyxel's USG FLEX/ATP Series application signatures as of January 24, 2025, with a detailed recovery guide. https://support.zyxel.eu/hc/en-us/articles/24159250192658-USG-FLEX-ATP-Series-Recovery-Steps-for-Application-Signature-Issue-on-January-24th-2025
- Subaru Starlink Vulnerability Exposed Cars to Remote Hacking: Discussing how a vulnerability in Subaru's Starlink system left vehicles susceptible to remote exploitation and the steps taken to resolve it. https://www.securityweek.com/subaru-starlink-vulnerability-exposed-cars-to-remote-hacking/
keywords: subaru; starlink; zyxel; usg flex; atp; esxi; meta; llama; access broker